Executive Summary
A mobile threat report by the Finnish antivirus firm F-Secure indicates that over 75% of malicious software targeting smartphones in the last quarter was aimed at Android devices. F-Secure’s data doesn’t necessarily show a spike in smartphone-targeted malware, but it does show cybercriminals narrowing their focus onto Google’s platform.
Market share is the key driver for attacks on operating systems, because hackers want the largest user base possible. Android has a high growth rate overseas, especially in China, where 4 out of 5 smartphones use the Android operating platform. The vast majority of the samples tracked by F-Secure were found in third-party app stores in China and other foreign markets. Trojans pretending to be installers for popular programs are distributed by alternative app stores created by cybercriminals. SMS Trojans steal money from the victim’s mobile account by sending text messages to premium-rate numbers. As the majority of victims are overseas and even using modified versions of Android, F-Secure’s Sullivan says the problem is still marginal for Google, though it should teach users not to download apps outside of Google’s official Android market.
Analysis
The attacks described in the article above show a real-world example of the simple anatomy of a hack. The hackers first search for a target, then find a vulnerability to exploit, and then execute the attack through the use of malware. In this particular case, the hacker’s goal is to steal money from the target, and he accomplishes this using a Trojan horse, a form of nonmobile malware. The hackers select Android devices as their target, particularly devices in China, because Android has the largest market share of smartphones in that location. The key vulnerability of these phones, which may not be the case for many Android device users in the US, is that users download apps from less secure third-party app stores. The hacker is able to disguise the Trojan as a popular app in the app store, and when the user installs the application, he is actually placing the Trojan onto his device. From that point, the Trojan can execute the hacker’s intended objective.
In response to this, Google has initiated and continues to develop various applications and programs to strengthen the security of its devices. The three most recent ones are VirusTotal, Bouncer and Google Play. Google acquired the company VirusTotal, which offers free software that analyzes files and URLs to identify viruses, worms, Trojans and other malicious content through the use of antivirus engines and website scanners. In February 2012 Google launched Bouncer, a malware-scanning utility for its Android market that has likely made it far more difficult to sneak hazardous software into Google’s official app store. Finally, Google Play is the official app store, which has over 675,000 apps and games and uses the power of the cloud so that apps are available on all devices without syncing.
However, despite these initiatives, the underlying cause of the vulnerability in this case may relate to social engineering. As we learned, social engineering takes advantage of flawed human judgement and causes the user to act against security controls that may be in place. The security controls mentioned above apply strictly to official Google applications; users who decide to use unofficial app stores, which are less secure, are putting themselves at risk.